feat(paperclip): add user-scoped memory isolation for GDPR compliance#1561
Open
amirhmoradi wants to merge 8 commits into
Open
feat(paperclip): add user-scoped memory isolation for GDPR compliance#1561amirhmoradi wants to merge 8 commits into
amirhmoradi wants to merge 8 commits into
Conversation
- Add userId parameter to BankContext for per-user memory isolation - Extend bankGranularity to support 'user' option for isolating memories by user - Add resolveUserIdFromActiveIssue() to extract user email from active issue - Add 'issues.read' capability to permissions for accessing active issue data - Update all bank ID derivations to include user ID when granularity includes 'user' - Update manifest description to mention GDPR compliance when user option is enabled This allows agents to maintain user-scoped memory in multi-user scenarios, ensuring that personal/scoped conversations don't leak between users.
feat(paperclip): add user-scoped memory isolation
Contributor
|
Thanks @amirhmoradi, direction is right, per-user isolation in paperclip is a real gap worth fixing. but i pulled the branch and npm run typecheck fails with 4 errors: ctx.issues.getActive() doesn't exist in @paperclipai/plugin-sdk. I checked the pinned ^2026.403.0, the latest stable 2026.428.0, and the latest canary 2026.511.0-canary.8. |
…ve() method The getActive() method does not exist in the Paperclip plugin SDK. Instead, use ctx.issues.list() to retrieve the agent's issues, then extract the user email from the first (most active) issue's originId field. This fixes the TypeScript compilation errors reported in the PR review.
The previous fix still had the wrong type signature. The actual SDK
PluginIssuesClient.list() requires a {companyId, ...} input object.
Changes:
- Import PluginContext type from @paperclipai/plugin-sdk
- resolveUserIdFromActiveIssue now takes (ctx: PluginContext, companyId, agentId, config)
- Calls ctx.issues.list({ companyId, assigneeAgentId: agentId, status: 'in_progress', limit: 1 })
to find the agent's currently active issue
- All 4 call sites updated to pass companyId and agentId from their respective contexts
Verified: npm run typecheck passes with zero errors.
Feat/user scoped memory
Contributor
|
thanks for updating. one quick check: when an agent has more than one in-progress issue, this picks an arbitrary one (whatever |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This allows agents to maintain user-scoped memory in multi-user scenarios,
ensuring that personal/scoped conversations don't leak between users.